Prepare Yourself for These New Cybersecurity Threats in 2019

For small and midsized businesses, cybersecurity in 2019 will involve a mix of challenges both old and new, as established threats evolve to undermine existing protections.

Businesses will grapple with a shifting cybersecurity landscape in 2019. While major threats like ransomware, phishing, viruses and worms will continue to menace unprepared businesses, there are several new and emerging threats — powered by cutting-edge technologies — that threaten to strike in entirely new ways. Awareness and preparation are instrumental to good cybersecurity, and we hope that this blog post can help businesses better protect themselves in the new year.

Email Cyberthreats Become More Serious

Although software like Slack and Cisco Spark have become an important part of the business communication toolbox, email use is still the most popular form of business communication. There will be 2.9 billion email users by the end of 2019, who will be sending millions of emails every second. According to researchers at enterprise cybersecurity firm FireEye, roughly one in one-hundred of those emails will contain some form of malware. Here are some of the new email attacks you may encounter in 2019:

Business Email Compromise (BEC) BEC synthesizes the entire hacker arsenal, including phishing, social engineering, and malware into a cohesive, highly-sophisticated new type of cyber threat. The goal of a BEC attack is for cybercriminals to pose as a high-level executive (often a CEO) in order to send correspondence to other executives who have access to company finances and bank accounts, convincing them to make wire transfers to accounts that seemingly belong to a trusted supplier or partners. Because BECs are targeted, executed carefully in several stages, and involve no links or malware, they can be extremely difficult to identify, which has made them an increasingly popular option for hackers. The FBI, has seen a 1300% increase in BEC attacks since they began tracking them just a few years ago.

Advanced Phishing Techniques Phishing attacks are one of the most pervasive forms of cyberthreat. According to Wombat Security’s 2018 State of the Phish report, 73% of businesses were victim to some form of phishing attack in the past year. While traditional phishing will continue to be a major threat in 2019, new forms of phishing will also emerge to undermine improved anti-phishing technologies. This includes “pharming,” a form of attack in which a company’s DNS servers are targeted in order to alter or “poison” its IP address records. These compromised DNS servers then surreptitiously redirect users to fake websites and trick them into handing over sensitive information.

A New Breed of Malicious AI Emerges

When IBM released its AI-powered “DeepLocker” malware proof of concept at the Black Hat USA conference in August, it pointed toward a new future of intelligent, “evasive” malware that possessed the ability to “unlock” itself and start an attack once one or several external conditions or “triggers” occur. These triggers could range from an audio-visual cue (using computer vision and a computers webcam), a locational requirement, or another detectable variable in the infected system.

While there’s been an outpouring of praise for AI in the technology media, it’s less known that these AI-aided cyberattacks are already starting to appear at the fringes of the security world. We believe it’s likely some of those threats will start to go mainstream in 2019, as cyber criminals become more adept at bending the power of machine and reinforcement learning to nefarious ends. This may include an uptick in polymorphic or metamorphic malware which can strategically deploy encryption to hide itself from traditional, signature-based anti-virus software.

One version of the AI-powered attacks that’s already started to do damage is fraudulent chatbots. Whereas just a few years ago AI chatbots could barely handle rudimentary customer conversations, advances in machine learning, natural language processing, and computer vision have made the modern chatbot very effective at engaging in a variety of customer interactions. Attackers have started using these chatbots — in disguise of course— to launch complex man-in-the-middle attacks that trick clients into divulging personal information or installing malicious software on their PC, which are presented as a means of helping clients or providing better service.

Security in 2019 Must Protect Against Old and New Threats

Just because new threats are emerging, doesn’t mean that last year’s threats have disappeared. While we may have seen the peak of ransomware attacks, projections from Cybersecurity Ventures shows that ransomware will still cost businesses around $11.5 billion in 2019. That means in order to stay secure in the new year, you’ll want to make evolutionary improvements to your security strategy that covers the new threats on the horizon, while still offering robust protection against the attacks that made headlines last year.

Unfortunately, accessing the talent necessary to plan and execute that strategy will be a source of difficulty for many businesses — especially SMBs. The cybersecurity job market was tight in 2018 and will continue to be so for the foreseeable future, with approximately 300,000 cybersecurity jobs going unfilled in the U.S. When the necessary cybersecurity talent can be found, it often comes at a premium price. The average salary for a cybersecurity engineer is $92,000 a year, far out of budget for most SMBs.

Don’t rely on security through obscurity to keep you safe either, hackers are increasingly wise to the fact that small and medium-sized businesses are under-defended and contain valuable data in just the same way that larger companies do. To keep your business safe, work with a cybersecurity partner that has decades of experience keeping companies across central Ohio safe, like Astute Technology Management.